feat(codex): add Azure OpenAI image generation support with direct routing

[zilianpn]

Description

为 Azure OpenAI 图片生成模型（如 gpt-image-2）添加直接路由支持。

Problem

网关正常的图片生成路径通过 Responses API 编排：

/v1/responses → gpt-5.4-mini → image_generation tool call → gpt-image-2

这在 OpenAI 上可以正常工作（所有模型共享同一端点），但在 Azure 上会失败。因为 Azure 每个模型是独立的部署，拥有不同的 URL，不支持跨部署的工具路由，导致 tool call 返回 404。

Solution

当检测到图片模型有独立的 upstream 配置（provider 已定义）时，绕过 Responses API 编排路径，直接将请求转发到模型自身的 /images/generations 或 /images/edits 端点。

Changes

SDK 图片处理器 (sdk/api/handlers/openai/openai_images_handlers.go)

• ImagesGenerations、imagesEditsFromMultipart、imagesEditsFromJSON 中增加判断：若模型有 provider 配置，走直接路由
• 新增 directImageGeneration 方法：通过 AuthManager 执行直接请求，返回标准 OpenAI 格式响应
• 新增 directImageEditsMultipart 和 directImageEditsJSON 方法：处理 edits 场景的 multipart 和 JSON 请求体转换

Codex Executor (internal/runtime/executor/codex_executor.go)

• 新增 executeImagesGeneration 方法：
  • 构建完整 URL，将 endpoint path（/images/generations 或 /images/edits）插入 baseURL，保留查询参数（如 Azure 的 ?api-version=）
  • Azure 部署自动剥离 response_format 参数（Azure 始终返回 base64，不接受此参数）
  • 记录请求/响应日志，返回原始 API 响应给客户端

Auth Conductor (sdk/cliproxy/auth/conductor.go)

• 修复重试回退逻辑：isRequestInvalidError 中新增 image_generation_user_error 判断，将 400 用户错误标记为不可重试，防止 AuthManager 错误地回退到其他 auth entry

请求详情 (sdk/api/handlers/handlers.go)

• 放宽 gpt-image-2 的拦截逻辑：仅在没有 provider 配置时返回错误，有独立 upstream 配置时允许通过 Responses API 编排路径

Affected Files

• sdk/api/handlers/openai/openai_images_handlers.go
• sdk/api/handlers/handlers.go
• internal/runtime/executor/codex_executor.go
• sdk/cliproxy/auth/conductor.go

[gemini-code-assist]

Code Review

This pull request introduces a direct execution path for image generation and editing models to bypass the standard Responses API orchestration. This change is specifically designed to support providers like Azure OpenAI, where models are deployed to unique URLs that do not support cross-deployment tool routing. The feedback provided focuses on generalizing the implementation to support both generation and editing endpoints dynamically, improving context propagation by using the request context, and ensuring compatibility with non-Azure providers by making the removal of the response_format parameter conditional. Additionally, it is recommended to use consistent error-handling utilities for better status reporting.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 625d63026c

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 5e4c2d3f93

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[luispater]

/images/generations和/images/edits端点已经在现有main分支中支持。

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: c02507bca3

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[zilianpn]

@luispater 描述可能不准确，是增加 azure openai gpt-image的支持

[luispater]

OK，我reopen了，回头看一下

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8efeb04681

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 15319a6dcb

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 8d3c82ddf9

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 131724a909

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[luispater]

Summary

This PR adds a direct execution path for /v1/images/generations and /v1/images/edits to support Azure OpenAI image deployments (e.g. gpt-image-2) where cross-deployment tool routing via the Responses API can fail. It introduces:

• CodexExecutor alt handling for images/generations + images/edits by constructing {base_url}/{images/*}?api-version=... and forwarding JSON.
• OpenAI images handlers that bypass the Responses-orchestration path when a codex provider + base_url is configured.
• Auth conductor tweaks to treat image_generation_user_error (400) as non-retryable and to stop fallback on HTTP 500.
• Restricting gpt-image-2 builtin injection to auth entries that actually configure image models + base_url.

Blocking

• stream field handling for direct routing
  • The direct generations path forwards the original JSON body as-is. If clients send stream: true (supported by the gateway’s current orchestration path), that field will be forwarded upstream to /images/generations and may be rejected as an unknown parameter (or change semantics silently).
  • Same risk applies to the JSON edits direct path (directImageEditsJSON copies the original body).
  • Suggested fix: strip stream (and any other gateway-only fields) before calling ExecuteWithAuthManager, and explicitly define behavior when stream=true (reject with a clear error, or ignore and return non-stream response).

Non-blocking

• Fallback policy change on HTTP 500
  • isServerError now prevents fallback on HTTP 500 across Execute, ExecuteCount, and ExecuteStream. Please confirm this is intended at global scope (and consider whether 502/503/504 should be treated similarly).
• Azure detection
  • Stripping response_format based on baseURL containing openai/deployments is a pragmatic heuristic, but brittle; consider an explicit provider/type marker or URL parsing.
• Edits multipart parameter typing
  • partial_images and output_compression are coerced to integers; please confirm these match the upstream contract (otherwise preserve original types).

Test plan (suggested)

• Add a unit/integration test that exercises the direct route and asserts stream is not sent upstream (and/or that stream=true yields a clear error for direct routing).
• Manual sanity on an Azure deployment base_url:
  • /v1/images/generations with/without stream
  • /v1/images/edits (multipart and JSON) with optional fields (size/quality/background/output_format/etc.)

[zilianpn]

@luispater

1. stream 字段处理 (Blocking) — ✅ 已修复

已修复。在 ImagesGenerations handler（line ~240）和 directImageEditsJSON（line ~1036）中，进入直连路径前剥离 stream 字段。直连模式本身就是非流式的（ExecuteWithAuthManager 是非流式调用），该字段不应传递给上游。

2. 500 不回退策略 (Non-blocking) — ✅ 确认是预期行为

确认这是全局预期行为。500 是上游服务器错误，切换 auth/provider 无法解决。实际遇到的问题：Azure 返回 500 后，fallback 到另一个 base_url 不匹配的 auth，产生了误导性的 400（unknown_parameter: response_format），掩盖了真实的 500。直接返回原始 500 让客户端能准确重试。502/503/504 属于网络/代理层错误，切换 provider 理论上可能有效，后续可根据需要扩展。

3. Azure 检测 (Non-blocking) — ✅ 已优化

已从 strings.Contains(baseURL, "openai/deployments") 改为 isAzureOpenAIURL() 函数，通过解析 URL host 判断是否以 .openai.azure.com 结尾，比字符串子串匹配更准确。

4. Edits multipart 参数类型 (Non-blocking) — ✅ 确认正确

output_compression（百分比）和 partial_images（数量）确实是 int 类型，与上游 Azure /images/edits 契约一致。

5. 测试建议 (Suggested) — 后续迭代

感谢建议，后续会补充单元测试验证 stream 字段剥离和直连路径的端到端流程。

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 060d4ad90b

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Gate direct image routing on model-specific base_url auth

The new direct path is enabled whenever HasAuthWithBaseURL("codex") is true, but that check is global and not tied to the auths that can actually serve the requested image model. Fresh evidence: the hasImageModel/base_url filtering added in buildCodexConfigModels only runs for entries with custom models, so default Codex entries can still advertise gpt-image-2 without a base_url; in that mixed setup this branch forces direct routing and executeImagesGeneration returns 401 missing provider baseURL instead of using the prior Responses fallback.

Useful? React with 👍 / 👎.